resolved: support for dnssec requests in the stub & a lot of other stuff #17535
Conversation
|
This is material for v248. I split some commits out of it, with smaller less risky stuff, as #17534 which should be good for v247 |
|
This pull request introduces 1 alert when merging 6de96aa into ea394d4 - view on LGTM.com new alerts:
|
poettering
force-pushed
the
resolved-bypass
branch
from
6de96aa
to
c8022f3
Compare
|
This pull request introduces 1 alert when merging c8022f3 into 2386d1c - view on LGTM.com new alerts:
|
poettering
force-pushed
the
resolved-bypass
branch
from
c8022f3
to
ae10b79
Compare
|
This pull request introduces 1 alert when merging ae10b79 into a1b24ee - view on LGTM.com new alerts:
|
| dns_scope_next_dns_server(t->scope); | ||
|
|
||
| if (dns_scope_get_dns_server(t->scope) == t->server) { | ||
| log_debug_errno(r, "Still pointing to extra listener after switching DNS servers, refusing operation."); |
There was a problem hiding this comment.
This seems to be quite a late point to figure this out. I'd instead expect that our own servers are dropped when parsing /etc/resolv.conf (and also maybe when parsing configuration and/or data received over dns). Why would we ever want to keep such servers on our list?
There was a problem hiding this comment.
so i pondered about that, and i figured it's better to keep them around but not use them than to not even keep them around. And that's because resolved is multiple things: it's both a DNS client and a manager for /etc/resolv.conf. And the additional listeners are probably something that should show up in /etc/resolv.conf if we are told so (if you don't want them to be used, why have them?), and given that we likely write them out it hence made sense to allow pushing them into resolved, even if we don't want to use them ourselves.
Hope that makes sense?
poettering
force-pushed
the
resolved-bypass
branch
from
ae10b79
to
ac499b9
Compare
|
This pull request introduces 1 alert when merging ac499b9 into 23dce98 - view on LGTM.com new alerts:
|
|
The CentOS CI results won't appear here properly until the next force-push as I made a slight mistake during OCP debugging, apologies. |
poettering
force-pushed
the
resolved-bypass
branch
from
ac499b9
to
cc8f745
Compare
|
This pull request introduces 1 alert when merging cc8f745 into 23dce98 - view on LGTM.com new alerts:
|
poettering
force-pushed
the
resolved-bypass
branch
from
cc8f745
to
27be53d
Compare
|
I guess we can close this now. Everything got split out and merged now, except for two final PRs: #18686 + #17800. I guess we don't need to keep this PR open anymore, since there's nothing here that wasn't in either of those branches. Thanks everyone for the reviews, much appreciated, in particular @keszybz and @bluca! |
|
thanks for splitting it up in logical pieces - it made reviewing much much easier |
As noted in systemd#17535 (comment), "raw" is misleading in this context. Let's use a more descriptive term.
Fixes: #11192 #11325 #10737 #17421 #11192 #16298 #11935 #17040 #17413 #16297 #6434 #5873 #15607 #17218 #4621 #16243 #10081 #14483 #12859 #11102 #5552 #10570 #10487 #5029 #17577 #14435 #6490
Replaces: #8608